Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6220

CWE-744 documents4 sources
Severity
9.8CRITICAL
EPSS
9.6%
top 7.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Trend Micro Trend Micro Email Encryption GatewayTrendmicro Email Encryption Gateway
Timeline
PublishedMar 15
Latest updateMay 14

Description

An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-5jhv-4759-qhgg: An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 52022-05-14
CVEList
CVE-2018-6220: An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 52018-03-15

💥Exploits & PoCs

1
Exploit-DB
Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities2018-02-22
CVE-2018-6220 (CRITICAL CVSS 9.8) | An arbitrary file write vulnerabili | cvebase.io